Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-11 CVE-2024-9543 The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-11 CVE-2024-9586 The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8.
network
low complexity
CWE-862
6.5
6.5
2024-10-11 CVE-2024-9587 The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8.
network
low complexity
CWE-862
5.4
5.4
2024-10-11 CVE-2024-9610 The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13.
network
low complexity
CWE-79
6.1
6.1
2024-10-11 CVE-2024-9611 The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.
network
low complexity
 6.1
6.1
2024-10-11 CVE-2024-9616 The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10.
network
low complexity
CWE-79
6.1
6.1
2024-10-11 CVE-2024-9707 The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4.
network
low complexity
CWE-862
critical
 9.8
9.8
2024-10-11 CVE-2024-9822 Authentication Bypass Using an Alternate Path or Channel vulnerability in Pedalo Connector
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5.
network
low complexity
pedalo CWE-288
critical
 9.8
9.8
2024-10-10 CVE-2024-47867 Unspecified vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project
7.5
7.5
2024-10-10 CVE-2024-47868 Path Traversal vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project CWE-22
7.5
7.5